SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attackers to gain sensitive information via the q parameter to the getuser.php endpoint.
References
Link | Resource |
---|---|
https://projectworlds.in/free-projects/php-projects/online-doctor-appointment-booking-system-php-and-mysql/%2C | |
https://projectworlds.in/wp-content/uploads/2020/05/PHP-Doctor-Appointment-System.zip | Product |
https://www.exploit-db.com/exploits/49059 | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2023-02-17 15:15
Updated : 2023-11-07 03:21
NVD link : CVE-2020-29168
Mitre link : CVE-2020-29168
CVE.ORG link : CVE-2020-29168
JSON object : View
Products Affected
online_doctor_appointment_booking_system_php_and_mysql_project
- online_doctor_appointment_booking_system_php_and_mysql
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')